Google Cloud Breach
Table of Contents
- Published: Jun 25, 2024
- Last Updated: Jul 09, 2024
Google Cloud is a comprehensive array of cloud computing services offered by Google, enabling individuals and businesses to leverage its robust infrastructure for deploying and scaling applications. Google Cloud is famed for its high-speed performance, commitment to security, and compliance with international regulatory standards. However, in early 2020, over 201 million sensitive personal records were exposed online in a Google Cloud breach.
On January 27, 2020, the Comparitech security research team discovered an exposed database hosted on the Google Cloud server and took steps to identify the owner of the database. The team failed to identify the identity of the owner and alerted Google to the exposed database. More than four weeks later with no response, the server was taken offline. During the entire period while the server was online, new information was added to the database.
Over 800 gigabytes of personal data was exposed in the breach. This contained millions of detailed user records, such as first name, last name, middle name initial, address, zip code, county of residence, email address, date of birth, credit ratings, phone number, number of children and their genders, mortgage and tax records, and information about personal investments, interests, and donations to political campaigns, religious organizations, and charities.
Separate from the personal identifiable information exposed in the database, two additional folders were breached. They are reported to contain 74 bike share stations owned by Lyft and call logs of a United States fire department.
While no evidence suggests Google Cloud Platform (GCP) owns the information in the exposed database, reports of a leak of the data stored on their servers may still make potential users rethink becoming GCP customers.
When Was the Google Cloud Breach?
According to Comparitech, the exposed database was first indexed by search engine BinaryEdge on January 26, 2020. However, the Comparitech security research team found the exposed database and began an investigation on January 27, 2020. On March 4, 2020, the server on which the database existed was taken offline. Considering this timeline, it is believed that the breach may have occurred before January 2020.
How to Check If Your Data Was Breached
There are no verified groups of people impacted by the Google Cloud breach. While some data analysts believed the majority of the information contained in the database may have originated from United States Census records, such a belief remains unsubstantiated.
What to Do If Your Data Was Breached
Since there is no way to know for sure whether your data was exposed in the Google Cloud breach, you can only take steps to protect yourself by changing the passwords to your accounts regularly. Also, you should report suspicious activities in your accounts to the relevant law enforcement agencies.
Are There Any Lawsuits Because of the Data Breach?
There are no known lawsuits arising from the Google Cloud breach discovered in January 2020.
Can My Google Cloud Information Be Used for Identity Theft?
While nobody knows for sure who owns or who got their hands on the data leaked in the Google Cloud breach, the detailed demographic and personal identifiable information contained in the dataset is a goldmine for cybercriminals, scammers, and spammers running phishing campaigns. With the exposed information in the leak, malicious persons may use it for identity theft.
What Can You Do to Protect Yourself Online?
The need to protect oneself from cyber criminals cannot be understated. With more and more applications and services rendered online, it is becoming increasingly crucial to be protected against identity theft and other online vices. You can protect yourself by taking the following steps:
- Use secure passwords. Many people use common and simple passwords, which may be easily guessed by cybercriminals. A strong password avoids the use of predictable patterns and typically combines a mix of special characters, numbers, and letters. This complexity makes it hard for attackers to find your passwords using brute force attacks or other similar attacks.
- Set up two-factor authentication. Also called 2FA, it requires at least two verification forms, such as a password and a one-time password, for access to be granted.
- Monitor your financial accounts. Regularly checking your online accounts and bank statements can help you notice patterns that may indicate suspicious activities via unauthorized access to your account. For instance, you may use a credit monitoring service to monitor your financial accounts.
- Limit the information you share online. The less personal information you provide on the internet, the lower the chances of cyberattacks getting your data. If personal information is not mandated when filling out online forms, do not provide them.
- Update your software regularly. It is important that you regularly update your operating system, antivirus, browsers, and other applications requiring internet access. Updates typically deliver security patches to plug security holes that may be exploited by criminals to steal your data.
- Do not click links from unknown sources or download attachments in unsolicited mail.
Keep abreast of cybersecurity threats and best practices in mitigating their impacts. IDStrong offers regular updates on cyber threats and how to avoid them.
